Communications Apparatus And Method

This invention relates to communications apparatus and a method. It 
particularly relates to apparatus including a router and a method involving 
a router using a point to point protocol. 

Routers are used to interconnect networks; the Internet, for example,
is made up of a plurality of networks interconnected by routers. A local
area network of interconnected computers in a department may be
connected by a router to other local area networks serving other
departments in an organisation and also to external networks and the
Internet.

A communication is directed by the router by using an Internet Protocol
(IP) address allocated to a particular terminal on the network. It will
be appreciated that there are only a limited, although large, number of
possible addresses. In order to cater for the large number of terminals
there are global IP addresses for networks and local IP addresses for the
terminals. The global addresses are allocated by Internet service
providers coordinating with the Internet Assigned Numbers Authority and
the local IP addresses are provided from a scheme set up and maintained
by the controller of the LAN. In order to route a communication to a
terminal on a LAN served by the router, address translation tables are
provided to translate from a global IP address to a local address. The
advantage of this translation process is that it is relatively
straightforward to add new terminals to the LAN or to make other changes
requiring an update to the address. The translation process is referred
to as Network Address Translation (NAT) and it is usually carried out by
a software entity within the router.



By using the NAT technique the global addresses are dynamically
allocated to a connection. When the communication is finished the
address is freed for use by another connection. A further software entity
within the router called a connection controller monitors the traffic and
if a connection is not used for a particular length of time the
connection is timed-out and broken and the address freed for
re-allocation when required. The approach adopted is a simple one in
which traffic on the link is used to indicate that the link is in use.
That traffic however may include packets that are unwanted by a terminal
on the LAN and will not be answered when passed to the LAN by the router.
For example, a terminal user may have been engaged in browsing the
Internet and then discontinued using the browsing application program.
Internet frames may still be being delivered which are unwanted. This
traffic on the link will result in the connection controller maintaining
the connection. Accordingly, this so-called "short-hold" process may lead
to an address being held which could be usefully re-allocated.



According to the invention there is provided communications apparatus
comprising a router and a connection controller which router, in use,
routing data to and from terminals on a local area network and the
connection controller controlling connections involving at least one of
the terminals, a network address translation translator for translating
addresses on incoming data to addresses of terminals on the network; a
monitor for monitoring the usage of a network addresses and for sending
a message indicative of non-usage to the connection controller; the
connection controller being responsive to the receipt of the message to
determine whether to release the connection.



By sending a message to the connection controller when an address is
unused the connection will be cleared even when a short-hold process
would otherwise be implemented and the link apparently being used by
packets arriving at the router which are unwanted.



By releasing the connection sooner than would otherwise be the case
connection costs will be reduced. A yet further benefit is that the
security of the network is enhanced.



The invention may be used to break more than one PPP-connection. In
some arrangements the router may be used to provide connections to
more than one PPP interface and more than one LAN. The invention allows
the use of connection controllers embodied as software objects each
controlling a particular PPP connection and each may be made responsive
to a message to release the connection.



The invention also provides a method.



A specific embodiment of the invention will now be described with 
reference to the drawing in which: 



Figure 1 shows a local area network of computer terminals connected by
a router operating in accordance with the invention to the Internet; and



Figure 2 shows the router and network of figure 1 in greater detail. 




As is shown in figure 1, a local area network LAN 1 is formed of a
number of computer terminals 2 to 7 linked by an Ethernet 8. The LAN 1
is connected to the Internet 9 by a router 10. The connections to the
terminals 2 to 7 and the Internet are controlled by a software entity
within the router 10 called a connection controller 11. The router 10
also includes a network address translation (NAT) translator 12
(sometimes referred to as a NAT box) which holds translation tables in
memory (not shown) and an IP router 13.



Whilst in this embodiment the router 10 is connected to one LAN
respective PPP-interface it will be appreciated that it may serve more
than one LAN or more than one PPP-interface. (Each PPP-interface may have
its own individual connection controller.)



The router 10 is connected to a modem 14 and thence via an internet
service provider 15 to the Internet 9. The link to the modem 14 is a
digital subscriber line (DSL) operating in accordance with a point to
point protocol (PPP) and a point to point protocol over Ethernet (PPPoE).
(The link may in alternative embodiments be an Integrated Digital
Services Network (ISDN) line and in general involve the use of other
protocols).



The LAN 1 operates in accordance with Ethernet standard IEEE 802.3.
The connection control establishes a connection between a terminal on
the LAN 1 and the Internet service provider 15 to permit Internet
browsing by an application program running on the terminal or to allow
emails to be sent and received. It will be understood that each terminal
may have more than one application utilising the connection at any given
time. Each application will utilise a logical port. For example, terminal
2 may be running an Internet browser and an email application. The
browser application will be served via a first logical port and the email
application served by a second logical port.



With the connection made, information in the form of datagrams
compatible with TCP/IP protocol flow between the Internet 9 and the
ports.

Figure 2 shows the modem 14, router 10 and LAN 1 in more detail.
The network address translator 12 allocates to an application an address
to be used for the purpose of the connection. As is shown in figure 2, the
terminals have an IP address of the form IPi, IPj and IPk. Each
application running on the terminal will require a port. In the figure,
the terminals are shown with just one port having an identifier Portl,
Portm and Porta. The terminal address IPi, IPj or IPk is an internal LAN
address set up in accordance with an addressing scheme supported by the
LAN operator. Both the IP address and the port addresses are stored in a
memory structure within the translator 12 called a Network Address
Translation Table (NAT). The table has two fields 16 and 17 which
contain the global address information. This is of the form IPg Portg 1
to 3 where g denotes global. The local IP addresses and port numbers are
written into the rows of field 17 (and in some applications in other
fields). The global session IP address and the corresponding global port
numbers are written in the corresponding division of the address field 16.



When the connection is established, the internet sender communicating
with the terminal 2 utilises an IP address IPg included in the arriving
packets. This is the address that will be used for the rest of the
connection and is therefore called the session IP address. In the examples
given this address will be converted into a local IP address and terminate
in 1, 2 or 3. Thus for a datagram to arrive from the Internet at the
router 10 for forwarding to an application on a terminal it will include
the router address, for example 100.1.1.5, and a specific port number
which is utilized by the router to address a specific local terminal and
the corresponding application. The network address translator responds to
the global IP/Port address to return the appropriate local IP and port
address from field 17 and the IP router 13 sends the data onto the LAN 1
with an appropriate header. Note that the correct conversion from global
to local addresses can be done by the router as the communication is
always initiated from the local LAN, so the router stores the initial
local addresses and converts these to global addresses, all having the
same IPg but different Port addresses. When the packets return with the
global address information, the router can reassign the original local
values.

The terminals 2 to 7 may be located on one departmental LAN. This
grouping may be served by one interface on the router which connects the
group to the Internet. The usage of the connection of the group as a
whole on this interface will be monitored by the IP router 13. IP packets
arriving and leaving the LAN by the interface indicate that the connection
is still required.

A further entry in the NAT table 12 is provided to record the time at
which the IP router 13 determines that a specific row of tables 16 and 17
has been used for the last time. These are the entries zx to zz in the
field 17. When the difference between this time and a current time
determined by reference to an internal clock exceeds a threshold, the
entry (row) is marked as "unused" in the unused flag ux to uz. If all of
the rows in the table are unused then the connection controller 11 will be
instructed to clear the connection. (This connection being a DSL or ISDN
connection.) The table is checked by the IP router 13 in cycles and
updated. In essence, if we consider the period of checking the NAT
table entries as a monitoring period Tc, then n, the number of cycles, may
be derived from the short hold time Ts as follows to mark an entry as
unused:

n = integer(Ts/Tc) + 1

A NAT entry that has been unused for n cycles is marked as "unused" but
not deleted although the connection may already have been broken by the
connection controller. It will remain until the NAT lifecycle has expired.
The NAT lifecycle may be greater than Ts in order to support
applications having large timeouts between several data transmissions.

When the IP router 13 determines that all the connections to the ports are
unused it sends a message M to the connection controller 11 indicating
that the link to LAN 1 is not in use. The connection controller 11 is
responsive to this message to break the connection to the ISP 15.

The use of the message therefore circumvents the use of the short term
hold that may be applied by the connection controller 11 and frees the
connection sooner than would otherwise be the case.
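
The monitoring cycle described above, as an added sketch that is not
part of the patent text: NAT rows carry a last-used time and an unused
flag, the table is checked every Tc, and message M is sent once every row
is flagged. The class and function names, the addresses, ports and timing
values are constructed for the illustration, and reading "unused for n
cycles" as "idle for n * Tc" is an assumption.

```python
from dataclasses import dataclass

def cycles_until_unused(ts, tc):
    """n = integer(Ts/Tc) + 1, the formula from the description."""
    return int(ts // tc) + 1

@dataclass
class NatRow:
    local: tuple           # (local IP, local port), as held in field 17
    last_used: float       # time of last use (the z entry)
    unused: bool = False   # the u flag

class NatIdleMonitor:
    """Plays the part of IP router 13 checking the NAT table every Tc."""
    def __init__(self, ts, tc):
        self.tc, self.n = tc, cycles_until_unused(ts, tc)
        self.rows = {}         # global port -> NatRow (field 16 is the key)
        self.link_up, self.messages = False, []   # times message M was sent

    def outbound(self, local, global_port, now):
        self.rows[global_port] = NatRow(local, now)   # sessions start on the LAN
        self.link_up = True

    def inbound(self, global_port, now):
        row = self.rows.get(global_port)
        if row is None:
            return None        # no mapping: nothing is refreshed
        row.last_used, row.unused = now, False
        return row.local

    def check(self, now):
        for row in self.rows.values():
            # Assumption: "unused for n cycles" means idle for n * Tc.
            if now - row.last_used >= self.n * self.tc:
                row.unused = True          # flagged, not deleted
        if self.link_up and all(r.unused for r in self.rows.values()):
            self.link_up = False
            self.messages.append(now)      # message M to the controller
            return True
        return False

def demo(ts=60, tc=25, horizon=200):
    """Constructed traffic: one LAN session, then only stray packets."""
    mon = NatIdleMonitor(ts, tc)
    mon.outbound(("192.168.0.2", 1025), 40001, now=0)
    mon.inbound(40001, now=5)              # wanted reply refreshes the row
    link_times = [0, 5]
    for t in range(10, horizon + 1, 5):
        if t % 10 == 0:                    # stray packet, no NAT row
            mon.inbound(40999, now=t)
            link_times.append(t)
        if t % tc == 0:
            mon.check(t)
    quiet = max(b - a for a, b in zip(link_times, link_times[1:]))
    return mon.n, mon.messages, quiet >= ts
```

demo() returns n, the times at which message M was sent, and whether a
timer driven purely by link traffic would ever have seen a quiet period
of Ts in the same trace.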

In an enhancement of the described embodiment, if a terminal reports via
standard TCP protocol features to the IP router 13 that it has been sent
packets which are not required by an application running on the terminal,
then it will trigger the entry z1, z2 or z3 to be set to unused. This will
cater for erroneously sent packets and also packets being sent to a
terminal which has closed down, say, its internet browsing application
when the packets are in transit.

In another enhancement, the router will periodically poll the terminals
on the LAN. In the event that a terminal is inactive the unused flag for
the corresponding row may be set, resulting in the breaking of the
connection if all unused flags are set.

In the described alternative the router initiates the release of the
connection via the message M to the connection control. In another
alternative the router periodically tells the connection control when the
last usage of any of the NAT entries (rows) took place so that the
connection control can control the timeout for the release of the PPP link
itself.

Whilst in the described embodiment the network translator, the IP router
and the connection controller are shown within one routing unit they may
be furnished as separate components. More than one connection controller
may be provided and they may be embodied in software as software
objects.

Claims

1. Communications apparatus comprising a router and at least one
connection controller which router, in use, routing data to and from
terminals on a local area network and the connection controller
controlling connections involving at least one of the terminals to
another network, a network address translation translator for
translating addresses on incoming data to addresses of terminals on
the local area network; a monitor for monitoring the usage of a
network addresses and for sending a message indicative of non-usage
to the connection controller; the connection controller being
responsive to the receipt of the message to determine whether to
release the connection to the another network.

2. Apparatus as claimed in claim 1 wherein the network address 
translator includes a table of network addresses having associated use 
state data. 

3. Apparatus as claimed in claim 1 or 2 wherein the monitor is an IP
router.

4. Apparatus as claimed in any one of claims 1 to 3 wherein the
connection operates in accordance with a point to point
protocol (PPP).

5. Apparatus as claimed in claim 4 wherein the connection operates in
accordance with a point to point protocol (PPP) and at least one
additional protocol.

6. Apparatus as claimed in claim 5 wherein the at least one additional
protocol is one of a point to point tunnelling protocol (PPTP) or a
point to point protocol over Ethernet (PPPoE).

7. Apparatus as claimed in any preceding claim wherein the connection
controller is an entity on the router.

8. Apparatus as claimed in claim 7 wherein the at least one connection 
controller is a software object. 

9. Apparatus as claimed in any preceding claim wherein a plurality of 
respective connection controllers is provided each controlling a 
respective connection. 

10. Apparatus as claimed in any preceding claim substantially as 
hereinbefore described with reference to and or as illustrated by the 
drawing. 

11. A method of controlling a connection to a LAN to another network
comprising:

providing a router connected by an interface to ports for
applications running on terminals on the LAN;

providing a connection controller for controlling the connection
between the router and the another network;

monitoring use of the interface to the ports; and

in the event of the interface being unused for the connections to the
ports sending a message to the network controller to break the
connection between the router and the another network.

12. A method as claimed in claim 11 wherein the use of a port is
recorded in a network address translator table.

10. A method substantially as hereinbefore described with reference to
and as illustrated by the drawing.

Abstract

Communications Apparatus And Method

A communications apparatus includes a router 10, a network address
translator 12 and a connection controller 11. The connection controller
11 governs the connection from LAN 1 to other networks such as the
Internet. The LAN serves a number of terminals 2 to 7. In the event that
the connection controller determines that the link to a particular LAN is
not used it will enter a short term hold process. After a predetermined
time has elapsed the connection is broken. However, this short term hold
process can be circumvented by the network translator maintaining a
record of the terminal use (or more particularly a port serving an
application on the terminal). In the event that all the terminals are
determined as not in use then a message is sent to the connection
controller 11 indicating such and the connection is released. This avoids
unnecessary connection cost and also enhances security of the LAN 1.

Figure 1